Strategy

A Guide to Cyber Defense for Associations

26th August 2022

Nicola Hartland, Senior VP Falanx Cyber, explains the steps to be taken if associations want to protect themselves from cyber attacks.

Associations are responsible for supporting their members from the halls of power to the halls of their offices. And while many associations do an excellent job educating their members on how to mitigate cyber risk, far too many leave their members – and themselves – blind to the threat of hackers and what to do to protect themselves. 

Just last year, JBS, the world’s largest meat processor, had its systems breached. The attack temporarily shut down its operations, and the company was cornered into paying £8 million in ransom to end the attack. But the industry trade association, the British Meat Processors Association, had published an incredibly limited amount of cyber best-practice advice for its members. And they’re not the only ones. The American Meat Processors Association was, and remains, similarly tight-lipped on how to prevent attacks.

21 days and the impact of a cyber-attack 

Despite the clear and present danger, associations and their members are not taking the cyber threat seriously enough. The UK government reports that a third of businesses experience a cyber-attack every week. And when a company or association experiences a breach, the average recovery time is 21 days.

The effect of a hack can be devastating. Beyond the reputational damage and sizable ransom payments, it is this 21-day recovery period where the cost really occurs. 

According to a recent report, downtime can cost an organisation over £1 million per attack. It is no wonder that an overwhelming 80 per cent of businesses infected with ransomware end up paying the ransom, to minimise this crippling downtime. 

The painful three-week recovery time accounts for having to shut down and wipe the infected systems, and then reinstall an entirely new network, which includes the necessary cyber defences to protect from future attacks. 

It accounts for a whole month during which a business cannot meet its customers’ needs. Three weeks of missed deadlines, unanswered enquiries, and growth plans unrealised. The shock of losing out on 21 days of work can be truly catastrophic.

Associations themselves are not immune to being targeted either. And, like any organisation, they are only as strong as their reputation, both from a membership perspective and from an advocacy one.

When an association undergoes a cyber-attack, it impacts the trust of its members. Sensitive information is at risk, and trust in an organisation’s abilities could wane, possibly resulting in members looking to competitor associations or cancelling services.

How to protect yourself from a cyber-attack 

Do not fret, the power is in your hands. Mitigation tactics come in two forms: 1) offensive and 2) defensive.

On the offensive, Falanx Cyber recommends using penetration testing on internal and external facing systems. ‘Pen tests’ are simulated attacks carried out by ethical hackers, to see where defences need to be bolstered. They employ the same techniques that cybercriminals use to reveal if an organisation’s systems or applications can withstand hostile attacks and whether discovered vulnerabilities can lead to further intrusions and exploitation. 

On the defensive, Managed Detection and Response (MDR) combines the talents of a team of security analysts in a Security Operations Centre (SOC) with sophisticated tools and AI to monitor for anomalies on a network 24/7, 365 days a year. SOCs based in your main country of operations are always best, giving you the opportunity to regularly visit the team dedicated to protecting your systems.

MDR also reduces the time it takes to detect and respond to threats. Put simply, the sooner an incident can be detected and dealt with, the easier and cheaper it is to ensure the business continues to operate. It significantly reduces the cost, time, and effort in dealing with the fall-out from a cyberattack.

Associations do not typically have the internal expertise needed to navigate their members through this cyber minefield. As such, bringing in expert cyber training is another valuable defence mechanism. Training empowers employees with the right cybersecurity tools to be an organisation’s first line of defence. With almost 90 per cent of hacks due to human error, this is a brilliant way to improve overall security, empowering staff to be your best security asset. 

Across the board, associations need to follow the lead of others, including the British Frozen Food Federation, which continues to provide robust, up-to-date cyber guidance to its members. This guidance should inform companies on how to understand and counter cyber threats, detailing how they can protect themselves on the offensive and defensive.

Invest now, save later 

With the number of cyber-attacks continuing to skyrocket, associations must continue to strive to do more: informing, upskilling and alerting members to their cyber blind spots, and how to close them. It is imperative that associations institute cyber defence best practices within their own systems too.

The investment of time and money into offensive and defensive cyber security will always outweigh the long – and costly – road to recovery from a successful attack. 
